RESOLVED FIXED 48708
REGRESSION (r70847): Reproducible crashes in Safari and Mail when editing text 
https://bugs.webkit.org/show_bug.cgi?id=48708
Summary REGRESSION (r70847): Reproducible crashes in Safari and Mail when editing text
Mark Rowe (bdash)
Reported 2010-10-29 20:06:32 PDT
Safari crashes reproducibly when editing text fields after r70847. I reported this as <rdar://problem/8612962> with the following steps to reproduce: 1) Load <http://maps.google.com/>. 2) Click "Get Directions". 3) Click in the B field and start typing "Luxor Hotel". Safari crashes during step 3. This crash also occurs in Mail when composing messages. I also hit it when trying to file this bug in Bugzilla (typing in the Summary field) and was forced to switch to Firefox.
Attachments
Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2010-10-29 20:07:42 PDT
That change was from bug 48287.
Mark Rowe (bdash)
Comment 2 2010-10-29 20:08:43 PDT
Relevant snippet from the crash log: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010 Thread 0 Crashed: 0 com.apple.WebCore 0x0000000103860df2 WebCore::Range::cloneRange(int&) const + 18 (RefPtr.h:59) 1 com.apple.WebCore 0x0000000103fb6e27 WebCore::TextCheckingHelper::paragraphAlignedRange(int&, WTF::String&) const + 73 (PassRefPtr.h:185) 2 com.apple.WebCore 0x0000000103ba3af3 WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges(unsigned int, WebCore::Range*, WebCore::Range*) + 877 (PassRefPtr.h:185) 3 com.apple.WebCore 0x0000000103ba1e45 WebCore::Editor::correctionPanelTimerFired(WebCore::Timer<WebCore::Editor>*) + 219 (PassRefPtr.h:74) 4 com.apple.WebCore 0x00000001037793be WebCore::ThreadTimers::sharedTimerFiredInternal() + 130 (ThreadTimers.cpp:115)
Mark Rowe (bdash)
Comment 3 2010-10-29 20:10:12 PDT
This crash appears to occur when typing in any text area that has spell checking enabled. That makes tip of tree unlivable. For that reason I'm going to roll out the patch that introduced this crash.
mitz
Comment 4 2010-10-29 20:15:28 PDT
*** Bug 48646 has been marked as a duplicate of this bug. ***
Mark Rowe (bdash)
Comment 5 2010-10-29 20:22:08 PDT
Bug 48646 has info about an assertion that is hit in debug builds.
Mark Rowe (bdash)
Comment 6 2010-10-29 20:42:33 PDT
Rolled out in r70970.
Note You need to log in before you can comment on or make changes to this bug.